I just tried to attach a file ended with .log which has a size of 23kB and I wasn't allowed to do so because *.log files are not allowed to get attached.

WHY IS THAT?

I see the point on limiting file sizes, but compressing a log file of size 23kB is such a waste of time.
And not only for the one attaching the file but for the person decompressing it to be able to read it as well.

First of all: File extensions say nothing. At least they say nothing in linux world. They are a hint maybe, but we could live without them.

I can for example call a script fun.log and still execute it with "./fun.log" (if i made it executable). The same is true for ./fun.png, ./fun.exe, ./fun.fun and even ./fun … And your browser wouldn't be the first with a bug/feature to execute a downloaded fun.log script…

Furthermore 23kb of text is a lot, are you sure you can't help the reader by extracting the relevant bits instead?

Using something like pastebin is another option.

_________________MfG. DonKult
"I never make stupid mistakes. Only very, very clever ones." ~ The Doctor

First of all: File extensions say nothing. At least they say nothing in linux world. They are a hint maybe, but we could live without them.

Yes.

DonKult wrote:

I can for example call a script fun.log and still execute it with "./fun.log" (if i made it executable). The same is true for ./fun.png, ./fun.exe, ./fun.fun and even ./fun … And your browser wouldn't be the first with a bug/feature to execute a downloaded fun.log script…

What about ./fun.tar.gz?

DonKult wrote:

Furthermore 23kb of text is a lot, are you sure you can't help the reader by extracting the relevant bits instead?

Somebody requested a log file which I gave him (about 500 lines). So what's the point? Size was 23kB not 23kb btw.

DonKult wrote:

Using something like pastebin is another option.

Yep, but I did not ask for alternatives but for what reason there are file extension filters.

Yes, maybe in linux world rhis could be called as an executable, too, but the browser still treats it as an archive. Another point: The extension management is Zikula related, what means that it is controlled by the web structure management programm. I know that I can't post .deb files so I pack them into tars or upload them somewhere else and post a link here. The extension filter has many advantages especially for win users, too, for example in virus protection cases. I can live with it, even if it isn't that easy for me or costs more time to pack that all in tars or gzips.

Being the person responsible for the application stack we use on our web servers, here is the background:

The forum software we use is Zafenio, a phpBB based forum module for the Zikula framework (which we used to build the CMS at sidux.com). It includes the "AttachementMod" from phpBB, which includes the file extension filter for the forums. Filtering those, is very common with every popular forum software, not just to protect poor Windows users against malware, but also to protect the web server itself agains possible intrusion patterns from uploaded files.

Yes, this filter is not protecting against everything - it's just one of the many security measures we implemented. Yes, some of the restriced file extensions are worth a discussion, but .log is definitely not. You should paste snippets from logs in a code box, and not attach entire logs. Entire logs never make sense, people asking you to upload entire logs are just too lazy to help you extracting the needed snippets.

We are picky re security,

1) because we offer an operating system here, and every exploit would also harm aptosid's reputation;
2) because we do care for the reliability and uptimes of our web presence;
3) because the main topic of this forums attracts crackers more than others;
4) because we already have experienced and withstand several attacks over the last years;
5) because we can.